CVE-2024-29728

NVD Published Date: August 29, 2024 at 11:15 AM
NVD Last Modified: August 30, 2024 at 03:49 PM
Download Patch
Vulnerability ID
CVE-2024-29728
Severity
CRITICAL
Severity Score
9.8
Summary
SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/inscribeUsuario/ , parameter idDesafio.
Mitigation and Patches
-
Exploits
-
Metasploit Payload
-
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE ID
CWE-89

Recent Publish

CVE-2024-7895

CVE-2024-29727

CVE-2024-38304

CVE-2024-7607

CVE-2024-7132

CVE-2024-29724

See SecOps Solution
in action

Schedule Demo